hacker discovered a bug that allows them to access user information and allows them to remotely open and close garage door from the brand Internet-of-Things NexxEQUAL motherboard report. Nexx Wi-Fi Controller connects to popular garage door openers, turning existing hardware into networked devices that owners can operate from anywhere in the world.
In case you lost it:
Hackers can now also operate these wi-fi-enabled garage doors due to a bug found by cybersecurity researcher Sam Sabetanwho told? motherboard that he could intercept sensitive data sent from the Nexx wi-fi controller to the US-based company’s servers:
Sabtean did a proof-of-concept video of the hack. It shows him holding his hand open the door of his own garage as expected with the Nexx app. He then logged into a tool to view the messages sent by the Nexx device. Sabetan closes the door with the app and collects the data the device sends to Nexx’s servers in this action.
With that, Sabetan not only received information about his device, but also received messages from 558 other devices that were not his. He can now see the device ID, email address, and name associated with each device, according to the video.
Sabetan then replays the command to return to the garage through the software — not the app — and his door opens again. Sabetan has only tested this on his own garage door, but he can remotely open other users’ garage doors using this technique.
The specific exploit is not described in detail to protect users who may still be vulnerable to the application’s security vulnerability. Worse, the vulnerability also applies to other devices the company sells, including wi-fi enabled alarms and smart plugs. Again, all of these devices are built into the Nexx app, so hackers can intercept their data and possibly even take control of them, as the video shows. Cool wheels on it Scion FR-WILLBy the way.
In addition to the ability to open and close garage doors and possibly enter someone’s home, hackers can also disable Nexx alarms and even power off anything connected to a networked electrical outlet via Nexx controller.
G/O Media can receive commission
67% off
Steel Outdoor Fire Pit
Gather ’round the fire.
With a powder-coated, bronze-colored steel finish, this fire pit looks as pretty as it is durable.
This specific bug has gone unaddressed for months, according to Sabetan, who says he’s attempted to reach out to Nexx repeatedly since discovering the weakness. The company has been unresponsive to the white hat’s reports so far.
Sabetan adds that support staff at the company did finally respond to an inquiry that he framed as seeking “help with his own Nexx product.” Technically, that’s true since the researcher needed help with his Nexx product — as well as whatever others exhibit the same security flaw. Nexx support promptly replied to his request for “help”, but Sabetan said, “Great to know your support is alive and well and that I’ve been ignored for two months.”
It is possible that messages sent to the help desk are screened and then sent to different departments. But Nexx has also reportedly ignored contact attempts from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. This subsection at Homeland published an advisory about Nexx devices this week, but Nexx has not officially acknowledged the issue.
Nexx has not responded to bug reports from Sabetan, nor has it released patches in the meantime. That’s just the reality of the constantly connected world we live in, where a so-called smart home can be made unsafe by a device that promises to make life more convenient and possible. seems to be safer in the first place.
Nexx speaks to the value of its garage door controller by saying it will save you from the anxiety of wondering if you left your garage door open. We’ve reached out for comment and will provide an update if Nexx responds.
